Re: [squid-users] pam_smb authentication

From: Squid Support (Henrik Nordstrom) <hno@dont-contact.us>
Date: Tue, 19 Feb 2002 12:32:40 +0100

Then you may need to make is set-user-id root to give it permission
to authenticate as other users than the user it runs as..

Regards
Henrik

On Tuesday 19 February 2002 09:32, Matt Brander wrote:
> Henrik
>
> From the command line the pam_auth works ok and authenticates
> without fail - though only as root.
>
> Regards
>
> Matt
>
> >>> "Squid Support (Henrik Nordstrom)" <hno@marasystems.com>
> >>> 02/18/02 10:25PM >>>
>
> You SHOULD NOT give too wide permissions to Squid pam_auth or pam
> files in general (or in fact any configuration file). Doing so is a
> quite large security risk.
>
> Can you use the Squid pam_auth helper from the command line and
> successfuly authenticate users?
>
> Regards
> Henrik
>
> On Monday 18 February 2002 18.30, Matt Brander wrote:
> > Hello.....
> >
> > The scenario:
> >
> > Mandrake 7.2
> > Squid2.4
> > pam_smb_auth 1.1.6?
> > NT4 PDC
> >
> > I am attempting to restrict access to my squid proxy using NT
> > domain logins.
> >
> >
> > The current situation:
> >
> > I currently have pam_smb authentication working against my NT
> > PDC, but only from the CLI whilst logged in as root. If I setup
> > squid to use the pam_auth executable for authentication, it
> > prompts for an NT domain user and password as expected but even a
> > correct login fails. Squid obviously then denies access.
> >
> > Do you have any suggestions on why this is not working? Or
> > perhaps where I can look to find out more about the point at
> > which it is failing?
> >
> > I thought it may be a permissions problem but I chmod 777 on all
> > the pam_auth files (/etc/pam_smb.conf, /usr/sbin/pam_auth,
> > /lib/security/pam_smb_auth.so) and it made no difference.
> >
> > Any light you can shed on the problem would be very much
> > appreciated.
> >
> > Regards
> >
> > Matt Brander

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Tue Feb 19 2002 - 05:05:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:26 MST